Add note about PKCE to KeycloakInstalled adapter documentation
parent
009af1e1a3
commit
d58d4f62bd
1 changed files with 2 additions and 2 deletions
|
@ -57,9 +57,9 @@ The `KeycloakInstalled` adapter provides support for renewal of stale tokens.
|
||||||
The application needs to be configured as a `public` OpenID Connect client with
|
The application needs to be configured as a `public` OpenID Connect client with
|
||||||
`Standard Flow Enabled` and pass:[http://localhost:*] as an allowed `Valid Redirect URI`.
|
`Standard Flow Enabled` and pass:[http://localhost:*] as an allowed `Valid Redirect URI`.
|
||||||
|
|
||||||
TIP: The `KeycloakInstalled` adapter supports the `PKCE` mechanism to provide additional protection during
|
TIP: The `KeycloakInstalled` adapter supports the `PKCE` [RFC 7636] mechanism to provide additional protection during
|
||||||
code to token exchanges in the `OIDC` protocol. PKCE can be enabled with the `"enable-pkce": true` setting
|
code to token exchanges in the `OIDC` protocol. PKCE can be enabled with the `"enable-pkce": true` setting
|
||||||
in the adapter configuration. Enabling PKCE is highly recommended.
|
in the adapter configuration. Enabling PKCE is highly recommended, to avoid code injection and code replay attacks.
|
||||||
|
|
||||||
===== Usage
|
===== Usage
|
||||||
|
|
||||||
|
|
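Review bot: In the last changed TIP line, "code injection and code replay attacks" can be read as the general code-injection vulnerability class rather than the OAuth attacks PKCE addresses; suggest "authorization code injection and authorization code replay attacks", and drop the comma before "to avoid". In the first changed TIP line, `[RFC 7636]` is bare bracketed text after `PKCE`; making it an AsciiDoc link to the RFC with that label would let readers reach the spec and avoids the brackets being mistaken for markup. Because the TIP only says PKCE "can be enabled with the `"enable-pkce": true` setting", it would also help to state the default explicitly, given that the lines above require a `public` client with `http://localhost:*` as a redirect URI.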